diff --git a/airtime_mvc/application/common/CORSHelper.php b/airtime_mvc/application/common/CORSHelper.php
index 6febb0f1b..fac6e3fdd 100644
--- a/airtime_mvc/application/common/CORSHelper.php
+++ b/airtime_mvc/application/common/CORSHelper.php
@@ -11,17 +11,19 @@ class CORSHelper
$response = $response->setHeader('Access-Control-Allow-Origin', '*');
$origin = $request->getHeader('Origin');
if ((!(preg_match("/https?:\/\/localhost/", $origin) === 1)) && ($origin != "") &&
- (!in_array($origin,
- array("http://www.airtime.pro",
- "https://www.airtime.pro",
- "https://account.sourcefabric.com",
- "http://" . $_SERVER['SERVER_NAME'],
- "https://" . $_SERVER['SERVER_NAME']
- ))
- ))
+ (!in_array($origin, self::getAllowedOrigins())))
{
//Don't allow CORS from other domains to prevent XSS.
throw new Zend_Controller_Action_Exception('Forbidden', 403);
}
}
+
+ public static function getAllowedOrigins()
+ {
+ return array("http://www.airtime.pro",
+ "https://www.airtime.pro",
+ "https://account.sourcefabric.com",
+ "http://" . $_SERVER['SERVER_NAME'],
+ "https://" . $_SERVER['SERVER_NAME']);
+ }
}
diff --git a/airtime_mvc/application/controllers/ApiController.php b/airtime_mvc/application/controllers/ApiController.php
index eed21973f..621be784a 100644
--- a/airtime_mvc/application/controllers/ApiController.php
+++ b/airtime_mvc/application/controllers/ApiController.php
@@ -1212,9 +1212,10 @@ class ApiController extends Zend_Controller_Action
} elseif ($djtype == "dj") {
//check against show dj auth
$showInfo = Application_Model_Show::getCurrentShow();
+ // there is current playing show
- if (isset($showInfo['id'])) {
- $current_show_id = $showInfo['id'];
+ if (isset($showInfo[0]['id'])) {
+ $current_show_id = $showInfo[0]['id'];
$CcShow = CcShowQuery::create()->findPK($current_show_id);
// get custom pass info from the show
diff --git a/airtime_mvc/application/forms/Login.php b/airtime_mvc/application/forms/Login.php
index b8d3989c2..623fa14fa 100644
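Review bot: `getAllowedOrigins()` carries no docblock, although it now defines the trust boundary for two different checks (the CORS origin comparison in this hunk and, elsewhere in this commit, the referer test that decides whether Login.php adds its CSRF token), so its contract should be stated on the method. A docblock along the lines of `/** Origins trusted for cross-origin requests: the hosted airtime.pro and sourcefabric.com sites plus this server's own name over http and https. Callers compare the full origin (scheme + host) exactly, as in_array() does above. @return string[] */` would do. It is also worth recording there that the last two entries derive from `$_SERVER['SERVER_NAME']`, which on some web-server configurations reflects the request's Host header rather than a configured canonical name, so the list is only as trustworthy as that setting.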
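Review bot: The added comment `// there is current playing show` is ungrammatical and does not explain the change it sits beside, which is that the result of `getCurrentShow()` is now read as a list of rows (`$showInfo[0]['id']`) rather than a single row; reword it to `// getCurrentShow() returns a list of rows; only check show-specific DJ credentials when a show is playing`. Whether the function can return more than one row, and what the remaining rows would mean, is not visible here and should be confirmed before relying on index 0 alone. The surrounding `elseif` branch begins and ends outside the hunk.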
--- a/airtime_mvc/application/forms/Login.php +++ b/airtime_mvc/application/forms/Login.php @@ -1,5 +1,7 @@ setMethod('post'); - $this->addElement('hash', 'csrf', array( - 'salt' => 'unique' - )); + //If the request comes from an origin we consider safe, we disable the CSRF + //token checking ONLY for the login page. We do this to allow logins from WHMCS to work. + $request = Zend_Controller_Front::getInstance()->getRequest(); + if ($request) { + $refererUrl = $request->getHeader('referer'); + $originIsSafe = false; + foreach (CORSHelper::getAllowedOrigins() as $safeOrigin) { + if (StringHelper::startsWith($safeOrigin, $refererUrl)) { + $originIsSafe = true; + break; + } + } + } + + if (!$originIsSafe) { + $this->addElement('hash', 'csrf', array( + 'salt' => 'unique' + )); + } $this->setDecorators(array( array('ViewScript', array('viewScript' => 'form/login.phtml')) diff --git a/airtime_mvc/application/models/Scheduler.php b/airtime_mvc/application/models/Scheduler.php index 39415beaa..4208ff5c7 100644 --- a/airtime_mvc/application/models/Scheduler.php +++ b/airtime_mvc/application/models/Scheduler.php 
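Review bot: The referer test that decides whether the CSRF token is added is a prefix match, and `StringHelper::startsWith($safeOrigin, $refererUrl)` passes the trusted origin first; if that helper takes the haystack first (its signature is not in this diff) the comparison is inverted, so the argument order must be confirmed. Even with the referer as haystack, entries such as `"http://" . $_SERVER['SERVER_NAME']` end at the host name with no delimiter, so a referer on a host whose name merely begins with this server's name would also pass and disable the token; requiring the `/` that follows the host closes that gap. `$originIsSafe` is only initialised inside `if ($request)`, so `if (!$originIsSafe)` reads an undefined variable when no request is available (the token still gets added, with a notice), and an absent Referer (`getHeader()` returning false) should explicitly count as unsafe rather than fall into the string comparison. The rewrite below initialises the flag first, guards the referer, and uses an unambiguous `strpos(...) === 0` so the helper's argument order no longer matters; this hunk's header and the start of the enclosing method are not visible here.

```php
// Only skip the CSRF token when the Referer matches a trusted origin exactly up to
// the path separator, so a longer host name that merely starts with ours does not match.
$originIsSafe = false;
$request = Zend_Controller_Front::getInstance()->getRequest();
if ($request) {
    $refererUrl = $request->getHeader('referer');
    if (is_string($refererUrl) && $refererUrl !== '') {
        foreach (CORSHelper::getAllowedOrigins() as $safeOrigin) {
            if (strpos($refererUrl, $safeOrigin . '/') === 0) {
                $originIsSafe = true;
                break;
            }
        }
    }
}
// … unchanged: conditional addElement('hash', 'csrf', …) and setDecorators(…) …
```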
@@ -1112,35 +1112,36 @@ class Application_Model_Scheduler $removedItems = CcScheduleQuery::create()->findPks($scheduledIds); - //check to make sure all items selected are up to date - foreach ($removedItems as $removedItem) { + // This array is used to keep track of every show instance that was + // effected by the track deletion. It will be used later on to + // remove gaps in the schedule and adjust crossfade times. + $effectedInstanceIds = array(); + foreach ($removedItems as $removedItem) { $instance = $removedItem->getCcShowInstances($this->con); + $effectedInstanceIds[] = $instance->getDbId(); //check if instance is linked and if so get the schedule items //for all linked instances so we can delete them too if (!$cancelShow && $instance->getCcShow()->isLinked()) { //returns all linked instances if linked $ccShowInstances = $this->getInstances($instance->getDbId()); + $instanceIds = array(); foreach ($ccShowInstances as $ccShowInstance) { $instanceIds[] = $ccShowInstance->getDbId(); } - /* - * Find all the schedule items that are in the same position - * as the selected item by the user. - * The position of each track is the same across each linked instance - */ + $effectedInstanceIds = array_merge($effectedInstanceIds, $instanceIds); + + // Delete the same track, represented by $removedItem, in + // each linked show instance. $itemsToDelete = CcScheduleQuery::create() ->filterByDbPosition($removedItem->getDbPosition()) ->filterByDbInstanceId($instanceIds, Criteria::IN) - ->find(); - foreach ($itemsToDelete as $item) { - if (!$removedItems->contains($item)) { - $removedItems->append($item); - } - } + ->filterByDbId($removedItem->getDbId(), Criteria::NOT_EQUAL) + ->delete($this->con); } + //check to truncate the currently playing item instead of deleting it. if ($removedItem->isCurrentItem($this->epochNow)) { 
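Review bot: `$effectedInstanceIds` collects duplicates: each removed item appends its own instance id (`$effectedInstanceIds[] = $instance->getDbId();`) and then, for linked shows, `array_merge()`s every linked instance id again, so removing several tracks from the same show yields the same id once per track, whereas the deleted code deduplicated with `in_array`. The later hunk at `@@ -1165` then runs `removeGaps()` and `calculateCrossfades()` once per duplicate, and the hunk at `@@ -1195` passes the duplicates to `filterByPrimaryKeys()`; dedupe at the point of use, `foreach (array_unique($effectedInstanceIds) as $instance) {`. The variable name and its comment should also read "affected" rather than "effected". Note as well that linked-instance copies are now removed with a bulk `->delete($this->con)` instead of being appended to `$removedItems`, so they no longer pass through the `isCurrentItem()` truncation applied to `$removedItem` just below; if a linked copy can be the item currently playing, that path is lost. The enclosing method begins and ends outside the hunk.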
@@ -1165,29 +1166,11 @@ class Application_Model_Scheduler } else { $removedItem->delete($this->con); } - - // update is_scheduled in cc_files but only if - // the file is not scheduled somewhere else - $fileId = $removedItem->getDbFileId(); - // check if the removed item is scheduled somewhere else - $futureScheduledFiles = Application_Model_Schedule::getAllFutureScheduledFiles(); - if (!is_null($fileId) && !in_array($fileId, $futureScheduledFiles)) { - $db_file = CcFilesQuery::create()->findPk($fileId, $this->con); - $db_file->setDbIsScheduled(false)->save($this->con); - } } + Application_Model_StoredFile::updatePastFilesIsScheduled(); if ($adjustSched === true) { - //get the show instances of the shows we must adjust times for. - foreach ($removedItems as $item) { - - $instance = $item->getDBInstanceId(); - if (!in_array($instance, $showInstances)) { - $showInstances[] = $instance; - } - } - - foreach ($showInstances as $instance) { + foreach ($effectedInstanceIds as $instance) { $this->removeGaps($instance); $this->calculateCrossfades($instance); } @@ -1195,7 +1178,7 @@ class Application_Model_Scheduler //update the status flag in cc_schedule. $instances = CcShowInstancesQuery::create() - ->filterByPrimaryKeys($showInstances) + ->filterByPrimaryKeys($effectedInstanceIds) ->find($this->con); foreach ($instances as $instance) { diff --git a/airtime_mvc/application/models/Show.php b/airtime_mvc/application/models/Show.php index ba9afbeb7..e75d07441 100644 --- a/airtime_mvc/application/models/Show.php +++ b/airtime_mvc/application/models/Show.php @@ -1311,7 +1311,6 @@ SQL; $results['nextShow'][0] = array( "id" => $rows[$i]['id'], "instance_id" => $rows[$i]['instance_id'], - "instance_description" => $rows[$i]['instance_description'], "name" => $rows[$i]['name'], "description" => $rows[$i]['description'], "url" => $rows[$i]['url'], 
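Review bot: `Application_Model_StoredFile::updatePastFilesIsScheduled()` replaces a per-file reset that cleared `is_scheduled` for the removed file whenever it no longer appeared in any future schedule; if the new helper, as its name suggests, only considers files whose schedule entries lie in the past, a file removed from a future show keeps `is_scheduled = true` until some later sweep. Confirm the helper's scope (its body is not in this diff) and, if it is limited to past entries, keep the removed `getAllFutureScheduledFiles()` check for the deleted file or extend the helper to cover it. A short comment on the call stating what it is expected to reset, e.g. `// Recompute is_scheduled for files that no longer appear in any upcoming schedule`, would make the intent checkable. The enclosing method continues outside the hunk.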
diff --git a/airtime_mvc/application/models/StoredFile.php b/airtime_mvc/application/models/StoredFile.php
index 06f1ffa38..ca8271e1a 100644
--- a/airtime_mvc/application/models/StoredFile.php
+++ b/airtime_mvc/application/models/StoredFile.php
@@ -362,7 +362,8 @@ SQL;
{
$exists = false;
try {
- $exists = file_exists($this->getFilePath());
+ $filePath = $this->getFilePath();
+ $exists = (file_exists($this->getFilePath()) && !is_dir($filePath));
} catch (Exception $e) {
return false;
}
diff --git a/airtime_mvc/application/modules/rest/controllers/MediaController.php b/airtime_mvc/application/modules/rest/controllers/MediaController.php
index 2d166a34e..d0f2a3d87 100644
--- a/airtime_mvc/application/modules/rest/controllers/MediaController.php
+++ b/airtime_mvc/application/modules/rest/controllers/MediaController.php
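Review bot: The new line stores `$this->getFilePath()` in `$filePath` but then calls `getFilePath()` a second time inside `file_exists()`, so the two tests can run against different values if the getter is not pure, and the local is only half used; write `$exists = (file_exists($filePath) && !is_dir($filePath));`. The surrounding `try` / `catch (Exception $e) { return false; }` is pre-existing, but a one-line comment on why a directory at the path counts as "not existing" (e.g. `// a directory at the media path means the file itself is missing`) would help the next reader. The enclosing method begins outside the hunk.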
@@ -80,35 +80,6 @@ class Rest_MediaController extends Zend_Rest_Controller
$this->fileNotFoundResponse();
}
}
-
- public function clearAction()
- {
- if (!$this->verifyAuth(true, true))
- {
- return;
- }
-
- //set file_exists flag to false for every file
- $con = Propel::getConnection(CcFilesPeer::DATABASE_NAME);
- $selectCriteria = new Criteria();
- $selectCriteria->add(CcFilesPeer::FILE_EXISTS, true);
- $updateCriteria = new Criteria();
- $updateCriteria->add(CcFilesPeer::FILE_EXISTS, false);
- BasePeer::doUpdate($selectCriteria, $updateCriteria, $con);
-
- //delete all files and directories under .../imported
- $path = isset($_SERVER['AIRTIME_BASE']) ? $_SERVER['AIRTIME_BASE']."/srv/airtime/stor/imported/*" : "/srv/airtime/stor/imported/*";
- exec("rm -rf $path");
-
- //update disk_usage value in cc_pref
- $storDir = isset($_SERVER['AIRTIME_BASE']) ? $_SERVER['AIRTIME_BASE']."srv/airtime/stor" : "/srv/airtime/stor";
- $diskUsage = shell_exec("du -sb $storDir | awk '{print $1}'");
- Application_Model_Preference::setDiskUsage($diskUsage);
-
- $this->getResponse()
- ->setHttpResponseCode(200)
- ->appendBody("Library has been cleared");
- }
public function getAction()
{
@@ -267,8 +238,7 @@ class Rest_MediaController extends Zend_Rest_Controller
{
return;
}
-
-
+
$id = $this->getId();
if (!$id) {
return;
diff --git a/python_apps/airtime_analyzer/airtime_analyzer/message_listener.py b/python_apps/airtime_analyzer/airtime_analyzer/message_listener.py
index acf21f471..f106258e1 100644
--- a/python_apps/airtime_analyzer/airtime_analyzer/message_listener.py
+++ b/python_apps/airtime_analyzer/airtime_analyzer/message_listener.py
@@ -27,7 +27,7 @@ QUEUE = "airtime-uploads" Airtime's music library directory. Lastly, the extracted metadata is reported back to the Airtime web application. - There's a couple of Very Important technical details and contraints that you + There's a couple of Very Important technical details and constraints that you need to know if you're going to work on this code: 1) airtime_analyzer is designed so it doesn't have to run on the same diff --git a/python_apps/airtime_analyzer/tools/ftp-upload-hook.sh b/python_apps/airtime_analyzer/tools/ftp-upload-hook.sh index 216716625..f0a00fbe9 100755 --- a/python_apps/airtime_analyzer/tools/ftp-upload-hook.sh +++ b/python_apps/airtime_analyzer/tools/ftp-upload-hook.sh @@ -18,7 +18,7 @@ post_file() { airtime_conf_path=/etc/airtime/airtime.conf #maps the instance_path to the url - vhost_file=/mnt/airtimepro/system/vhost.map + vhost_file=/etc/apache2/airtime/vhost.map #instance_path will look like 1/1384, for example instance_path=$(echo ${file_path} | grep -Po "(?<=($base_instance_path)).*?(?=/srv)") diff --git a/tests/selenium/Account Plans.html b/tests/selenium/Account Plans.html index a320b9dfb..4c51f4a88 100644 --- a/tests/selenium/Account Plans.html +++ b/tests/selenium/Account Plans.html @@ -3,7 +3,7 @@ - + Account Plans diff --git a/tests/selenium/Add Media Skeleton Present.html b/tests/selenium/Add Media Skeleton Present.html index 597721829..d9def30cf 100644 --- a/tests/selenium/Add Media Skeleton Present.html +++ b/tests/selenium/Add Media Skeleton Present.html @@ -3,7 +3,7 @@ - + Add Media Skeleton Present diff --git a/tests/selenium/Billing Account Details.html b/tests/selenium/Billing Account Details.html index 13d428ad4..e09acc9c8 100644 --- a/tests/selenium/Billing Account Details.html +++ b/tests/selenium/Billing Account Details.html @@ -3,7 +3,7 @@ - + Billing Account Details diff --git a/tests/selenium/Billing Menu Contents.html b/tests/selenium/Billing Menu Contents.html index 22e8db439..af5d43247 100644 
--- a/tests/selenium/Billing Menu Contents.html +++ b/tests/selenium/Billing Menu Contents.html @@ -3,7 +3,7 @@ - + Billing Menu Contents diff --git a/tests/selenium/Calendar Add Show Skeleton.html b/tests/selenium/Calendar Add Show Skeleton.html index d16810637..6ab57a89e 100644 --- a/tests/selenium/Calendar Add Show Skeleton.html +++ b/tests/selenium/Calendar Add Show Skeleton.html @@ -3,7 +3,7 @@ - + Calendar Add Show Skeleton diff --git a/tests/selenium/Calendar Day Week Month Views.html b/tests/selenium/Calendar Day Week Month Views.html index 6923d1c8a..6cefa5625 100644 --- a/tests/selenium/Calendar Day Week Month Views.html +++ b/tests/selenium/Calendar Day Week Month Views.html @@ -3,7 +3,7 @@ - + Calendar Day Week Month Views diff --git a/tests/selenium/Calendar Skeleton Present.html b/tests/selenium/Calendar Skeleton Present.html index 9275f8ecb..6aeb2f102 100644 --- a/tests/selenium/Calendar Skeleton Present.html +++ b/tests/selenium/Calendar Skeleton Present.html @@ -3,7 +3,7 @@ - + Calendar Skeleton Present diff --git a/tests/selenium/Invoices Skeleton.html b/tests/selenium/Invoices Skeleton.html index 397fb376d..bad141d2c 100644 --- a/tests/selenium/Invoices Skeleton.html +++ b/tests/selenium/Invoices Skeleton.html @@ -3,7 +3,7 @@ - + Invoices Skeleton diff --git a/tests/selenium/Library Skeleton Present.html b/tests/selenium/Library Skeleton Present.html index 4c34a993b..a6f01315b 100644 --- a/tests/selenium/Library Skeleton Present.html +++ b/tests/selenium/Library Skeleton Present.html @@ -3,7 +3,7 @@ - + Library Skeleton Present diff --git a/tests/selenium/Listen Button Skeleton.html b/tests/selenium/Listen Button Skeleton.html index 5fb225fd6..b0f783879 100644 --- a/tests/selenium/Listen Button Skeleton.html +++ b/tests/selenium/Listen Button Skeleton.html @@ -3,7 +3,7 @@ - + Listen Button Skeleton diff --git a/tests/selenium/Login and Logout.html b/tests/selenium/Login and Logout.html index 6dc350791..23a742959 100644 
--- a/tests/selenium/Login and Logout.html +++ b/tests/selenium/Login and Logout.html @@ -3,7 +3,7 @@ - + Login and Logout diff --git a/tests/selenium/Login.html b/tests/selenium/Login.html index 6246c78af..5e25b5a6b 100644 --- a/tests/selenium/Login.html +++ b/tests/selenium/Login.html @@ -3,7 +3,7 @@ - + Login diff --git a/tests/selenium/Preferences Skeletons.html b/tests/selenium/Preferences Skeletons.html index 67fab75ef..47f114551 100644 --- a/tests/selenium/Preferences Skeletons.html +++ b/tests/selenium/Preferences Skeletons.html @@ -3,7 +3,7 @@ - + Preferences Skeletons diff --git a/tests/selenium/System Menu Contents.html b/tests/selenium/System Menu Contents.html index 2a2a4077c..a064cabbb 100644 --- a/tests/selenium/System Menu Contents.html +++ b/tests/selenium/System Menu Contents.html @@ -3,7 +3,7 @@ - + System Menu Contents